Christopher Gregory wrote:
On Tue, September 16, 2014 5:40 am, Bruce Dubbs wrote:
David Brodie wrote:
On 15/09/14 14:53, Christopher Gregory wrote:
Hello David,
You are basing this on reading one file. Have you actually read
their website with regards to the build process?
Do you have any security related website that backs up your claims?
I HAVE read their site and most definately a system sql can be used,
as is being done in other distros.
I'll reply to the list, hope you don't mind. No, I haven't done the
research you suggested, however, I don't see that the benefit of
dynamically linking sqlite outweighs the possible risks (whatever they
are) that we are warned about by upstream. (IOW, I'm taking the path of
least resistance).
I agree. Let's leave tcl with the bundled sqlite. We should normally
go with the upstream developers' recommendations.
Hello Bruce,
Just to clarify on top of David's unfounded non-researched answer, which
by the way pisses me off highly, according to the developers of TCL all
the bundled software is unaltered by them. It is the exact same version
that you download from the included packages distribution sites.
We don't need ad hominem argumentation here.
All tcl have done is to make a build wrapper that calls the individual
configures.
The issue is that if sqlite changes, then it may break tcl. Using a
static library avoids that. On the other hand, if there is a problem
with the static library, then it is tcl's job to fix it. There are pros
and cons for both methods and indeed we generally like to use external
shared libraries. However in this case, there have been so many
problems, I'd prefer to go with static libraries in this case.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
